Behind both a 2015 hack on the German parliament and interference in the 2016 United States election is the same suspect – a Russian citizen – who is wanted by both nations. Whether the suspect ever comes to trial in either country is uncertain, but legal actions by governments are one way that norms of behavior in cyberspace are being defined and enforced, a senior Department of Justice (DoJ) official said today.
Germany issued an arrest warrant earlier this year for Dmitriy Badin, one of 12 Russian intelligence officers indicted in the probe of former Special Counsel Robert Mueller for interference related to the 2016 election. The German foreign ministry is seeking European Union (EU) sanctions against Badin for the 2015 hack in that country, according to The Wall Street Journal.
“One of the things that we are trying to do with our indictments, and that we’ve been trying to do for a number of years, is to establish norms of nation-state behavior in cyberspace,” said John Demers, DoJ’s Assistant Attorney General for National Security, during remarks at the June 18 Defense One Tech Summit.
Demers called Germany’s action “a great sign,” and said the criminal justice system can help establish cyber norms even when an individual never faces a trial.
“It’s difficult to talk about the work that is going on in cyberspace because it is classified,” Demers said. But public indictments bring attribution down to the individual level, with only unclassified admissible evidence, he said.
“It gives us the ability to speak,” said Demers of the legal actions. He said a 2018 indictment of Iranian suspects for stealing intellectual property has enabled the department to share information with research institutions who may be targets of attacks.
Demers said these “speaking indictments” play an educational function and tell a story. “You can’t establish norms if you can’t educate and you can’t lay out your thinking,” he said.
DoJ’s National Security Division has used indictments not just with Russian election interference, but also to expose alleged bank robbery in cyberspace by North Korean individuals and intellectual property theft by Chinese intelligence officers, Demers said.
Of the indictment of Chinese Ministry of State Security (MSS) officers from October 2018, Demers said 12 other nations around the world supported the U.S. in attributing crimes to those individuals.
“That’s been a very slow and gradual process of getting other nations on board with calling out nation-state cyber actors, but it is very important to developing these international cyber norms,” he said.
“It’s a long slow road,” said Demers, but added “some progress has been made.”